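<?php
// Full open tag: the short form is parsed only when short_open_tag is enabled;
// with it disabled the server would return this source to the browser as text.
include('./header.inc');
include('./database.inc');

// Edit-user form. The account to edit is named by the uid query parameter.
// A missing uid, or one that is not a plain string (a repeated/array
// parameter), is sent back to the user list: the code below compares and
// SQL-escapes uid as a string.
if (!isset($_GET['uid']) || !is_string($_GET['uid'])){
	header( 'Location: ./users.php' ) ;
	die();
}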

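// Authorization: a superuser may edit any account; everyone else may only
// open their own record.
// The comparisons are strict on purpose. Loose "!=" type-juggles its operands,
// so a missing or differently typed session value could compare equal to the
// request value and let the check pass.
// NOTE(review): nothing in this file verifies that a session exists;
// presumably header.inc does - confirm.
$isSuperuser = isset($_SESSION['superuser'])
	&& ($_SESSION['superuser'] === "true" || $_SESSION['superuser'] === true);
$isOwnAccount = isset($_SESSION['uid'])
	&& is_string($_GET['uid'])
	&& $_GET['uid'] === (string) $_SESSION['uid'];

if (!$isSuperuser && !$isOwnAccount){
	notify("error", "You do not have permission to edit this user");
	header( 'Location: ./users.php' ) ;
	die();
}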


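// Load the account being edited.
// mysql_real_escape_string() makes the value safe only inside the quoted SQL
// literal below; it does not make it safe to print into HTML.
// NOTE(review): the mysql_* extension is removed in PHP 7. When database.inc is
// ported, replace this lookup with a prepared statement (mysqli or PDO).
$uid = mysql_real_escape_string($_GET['uid']);

$query = "SELECT * FROM users WHERE user_id = '$uid'";
$result = mysql_query($query);
// mysql_query() returns false on failure; do not pass that to the fetch call.
$row = $result ? mysql_fetch_array( $result ) : false;

// Stop when the query failed or no account has this id, rather than
// rendering an edit form for a user that does not exist.
if (!$row){
	notify("error", "User not found");
	header( 'Location: ./users.php' ) ;
	die();
}

$username = $row['username'];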

include('./pagehead.inc');

?>
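<?php
// Edit form, posted to saveuser.php.
// Every value printed into an attribute is HTML-escaped at output time:
// $username comes from the database and $uid was escaped for SQL only, which
// leaves quotes and angle brackets active in HTML.
// htmlspecialchars() uses PHP's default charset here.
// NOTE(review): confirm that matches the encoding declared by pagehead.inc.
// NOTE(review): the form carries no anti-CSRF token. If saveuser.php does not
// verify one, add a per-session token here and check it there.
// NOTE(review): the hidden uid and the superuser select are client-controlled
// on submit; saveuser.php has to repeat the permission check itself.
?>
<h2>Edit User</h2>
<form name="createuser" action="./saveuser.php" method="post">
<table>
	<tr><td class="label">Username:</td><td><input type="text" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES); ?>" /></td></tr>
	<tr><td class="label">Password:</td><td><input type="password" name="password" /></td></tr>
	<tr><td class="label">Confirm Password:</td><td><input type="password" name="passwordconfirm" /></td></tr>
	<?php
	// The account-type selector is shown to superusers only. Strict comparison
	// so that only the string "true" or boolean true counts as a superuser.
	if (isset($_SESSION['superuser']) && ($_SESSION['superuser'] === "true" || $_SESSION['superuser'] === true)){ ?>
	<tr><td class="label">User Type:</td><td><select name="superuser"><option value="false">Normal</option><option value="true"<?php
		// Preselect "Super User" when the stored account already has that role.
		if ($row['superuser'] === "true"){
			echo " selected=\"selected\"";
		}?>>Super User</option></select></td></tr>
	<?php } ?>
	<tr><td></td><td>
	<input type="button" name="cancel" value="Cancel" class="cancel button" onclick="parent.location='./users.php'" />
	<input type="submit" name="submit" value="Save" class="button"/></td></tr>
</table>
<input type="hidden" name="submitted" value="submitted" />
<input type="hidden" name="uid" value="<?php echo htmlspecialchars($uid, ENT_QUOTES); ?>" />
</form>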
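<?php
// Full open tag so the footer include still runs when short_open_tag is off.
include('./pagefoot.inc');
?>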